Security and Privacy in Social NetworksSocial Network Privacy (Heatherly et al)So what?PrivacyLearningModel BuildingDetails OnlyLinks OnlyAverageCollective InferencePreserving PrivacyOur experimentsResultsSlide 14Access Control in Social Networks (Carminati et al, 2009)Parental rights over a minorFriendship HierarchyProject motivationData GenerationImplementation challengesPartitioningExperiment 1Experiment 2Experiment 3Slide 25Questions?UT DALLASUT DALLASErik Jonsson School of Engineering & Computer ScienceFEARLESS engineeringSecurity and Privacy in Social NetworksRaymond HeatherlyData Security and Privacy LabFEARLESS engineeringSocial Network Privacy (Heatherly et al)•Facebook currently has over 400 million users•Each of these users specify details about themselves•For example:FEARLESS engineeringSo what?•What about details they don’t specify?•In our previous example, what political affiliation does she have?•What about her job?•Two possible reasons:–Forgot–Don’t want people to knowFEARLESS engineeringPrivacy•But can we figure out anyways?•For instance, is there anything our previous example does state that talks about her job?•An activity talks about ‘my classroom’FEARLESS engineeringLearning•Consider a social network as a graph, where the vertices are the users in the network, and the edges are friendship links between those users.•Each node has a finite subset of detail types (hometown, birthdate, groups, books, etc.)•Each detail type has a finite number of detail values (books = The Bible, Harry Potter, etc.)FEARLESS engineeringModel Building•We use these properties to construct three different models:–Details Only–Links Only–AverageFEARLESS engineeringDetails Only•Naïve Bayesian classifier (Detail independence)•Builds a raw model based on training data over all detailsFEARLESS engineeringLinks Only•Naïve Bayes based•With changes•Weigh friendships based on similarityFEARLESS engineeringAverage•Calculate Link only and Details only probabilities and average themFEARLESS engineeringCollective Inference•When we classify large graphs, the decisions we make at one node transfer through the graph•CI gives us a series of algorithms to assist with handling these transfers–Local Classifier–Relational Classifier–CI AlgorithmFEARLESS engineeringPreserving Privacy•What happens when data is released?•In what ways can we decrease accuracy of classifiers?•We can add or remove links or details•Consider what additions mean•What about deletions?FEARLESS engineeringOur experiments•Performed on data gathered from the DFW network on Facebook in the Spring of 2008•Performing only link or detail deletions•For Details, remove the best identifiers of any classification globally•For Links, remove links to those individuals most like a personFEARLESS engineeringResultsFEARLESS engineeringFEARLESS engineeringAccess Control in Social Networks(Carminati et al, 2009)•What about access to resources?•For example, photos: Who should control viewers of a photo on Facebook?•Now, on Facebook, the photo uploader has control of the photo’s viewers•A person in the picture can only untagFEARLESS engineeringParental rights over a minor•What if a photo is of a minor child?•How would a parent be able to (reliably) have photos removed or restricted of their children?•What about limiting children’s access to inappropriate videos over a social network?FEARLESS engineeringFriendship Hierarchy•Propose several generic classes of friends:–Friend–Co-Worker–Family•Some classes can have (user-defined) specific sub-classes, such as a Best Friend, a Boss, a Parent, a child, etc.FEARLESS engineeringProject motivation•What if we give all people tagged in a photo some say in who can see photos of them?•Additionally, parents of minor children can also have a say in the permissions of photos of their children•Instead of a static access list, what about inferring the authorizations using semantic reasoners?FEARLESS engineeringData Generation•Facebook doesn’t give full set of its data to researchers•Needed to test efficacy of semantic solution using a comparable size of data•Generated 350 million `users’ with their own security policies•Simulated a scale-free network•Generated Between 750,000 and 350 million resourcesFEARLESS engineeringImplementation challenges•Initially, we attempted to do the reasoning on the entire data set. •SweetRules did not update in-memory model of security policies, so gave incorrect responces•Pellet then crashed due to the amount of memory required to perform inference on data setFEARLESS engineeringPartitioning•We then decided to partition data•But any single partition would be a cut that would have edges to (at least) one other partition•These would decrease our accuracy•Dynamic partitioning–Owner–Tagged individuals–RequestorFEARLESS engineeringExperiment 1•Friendship types:–Coworker–Friend: with BestFriend sub-type–Family: with Parent/Child sub-type•Security policies:–1. Strict – Only BestFriends and Family can view photos of self and any child; child may not view any videos–2. Casual – Anyone can see photos; no restriction on child–3. ParentStrict – Anyone can see photos of the parent, only family can see photos of child;FEARLESS engineeringExperiment 2•Discard almost all Link Types–Keep ParentOf/ChildOf•Replace with a Trust value between 1 and 10FEARLESS engineeringExperiment 3•Used a hybrid approach•Maintained all general and specific link types•Each friendship also assigned a Trust Value–i.e. A Best Friend with a TV of 6FEARLESS engineeringResults•Time (in seconds) for each inferenceAverage Low HighLink-Type only 0.585 0.562 0.611Trust Value Only 0.612 0.534 0.598Value/Trust Hybrid 0.731 0.643 0.811FEARLESS
View Full Document
Unlocking...